<?php
session_start();

$login = $_POST['user_login'];
$pass = $_POST['user_pass'];
$response = "";

require_once("../inc/connect.php");

$sql = <<<SQL
	SELECT * FROM member
	WHERE name = '$login' AND password = '$pass';
SQL;

$result = mysql_query($sql);

if(mysql_num_rows($result) == 0 ) {

	$response  = <<<error
	document.getElementById("login_error").innerHTML = "<center><b>ผิดพลาด : </b>ชื่อผู้ใช้งานหรือรหัสผ่านไม่ถูกต้อง";
	document.getElementById("login_error").style.display = 'block';
	document.getElementById("user_login").value = "";
	document.getElementById("user_pass").value = "";
	document.getElementById("user_login").focus();
error;

} else {
	$admin = mysql_fetch_array($result);
	$_SESSION['login'] = $admin['name'];

	/*
	 $cookie_name = "login";
	 if(isset($_POST['store_login'])) {

		$value = $admin['login'];
		$expire = time() + 30*24*60*60; //จำนวนวินาทีของ 30 วัน
		setcookie($cookie_name, $value, $expire);
		}
		else {
		setcookie($cookie_name, '', 0);
		}
		*/

	$response = "window.location = 'admin_manager.php';";
}

mysql_close($con);

header("content-type:text/javascript; charset=UTF-8");
echo $response;

?>